Mobile OS vulnerabilities increase in 2011

Symantec has noted a 43 per cent increase in mobile device vulnerabilities so far in 2011.

According to a new whitepaper, 'A window into mobile device security: Examining the security approaches employed in Apple's iOS and Google's Android', most devices were designed primarily with consumer requirements in mind and have traded off security to ensure usability.

The whitepaper found that while offering improved security over traditional desktop-based operating systems, both iOS and Android are still vulnerable to many existing categories of attacks. It said that the iOS security model offers strong protection against traditional malware, primarily due to Apple's rigorous app certification process and its developer certification process, whereas Google has opted for a less rigorous certification model, permitting any software developer to create and release apps anonymously, without inspection.

Tom Parsons, Symantec response centre manager, told SC Magazine that there are pros and cons to the Android platform, with opportunities for malware via malicious applications. On iOS there is the threat of proof-of-concept, as people have been able to post malicious applications.

He said: “The first time security was taken seriously was in 2004/5 with Windows XP Service Pack 2, with security built in from the start, and this concept has been used to build security systems. The iPhone uses two forms of encryption while Android doesn't use any, but it is starting to with the launch of Honeycomb.”

Asked about the statistic claiming that mobile vulnerabilities have risen by 43 per cent since the start of 2011, Parsons confirmed that this is down to operating system vulnerabilities and called it 'a very significant increase'.

“Every vulnerability is important but it does come down to the OS being more popular and there is more exposure on it and we may see more vulnerabilities in this space going forward,” he said.

Carey Nachenberg, Symantec fellow and chief architect at Symantec security technology and response, said: “Today's mobile devices are a mixed bag when it comes to security. While more secure than traditional PCs, these platforms are still vulnerable to many traditional attacks.

“Moreover, enterprise employees are increasingly using unmanaged, personal devices to access sensitive enterprise resources and then connecting these devices to third party services outside of the governance of the enterprise, potentially exposing key assets to attackers.”
